From 1becc63e4c946b4fc3a15fa58bf940e4b6434787 Mon Sep 17 00:00:00 2001
From: Weston Ruter <weston@xwp.co>
Date: Thu, 8 Feb 2018 10:30:06 -0800
Subject: [PATCH] Prevent removing elements that have freeform attributes

---
 .../sanitizers/class-amp-tag-and-attribute-sanitizer.php    | 6 ++++++
 tests/test-tag-and-attribute-sanitizer.php                  | 6 +++++-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/includes/sanitizers/class-amp-tag-and-attribute-sanitizer.php b/includes/sanitizers/class-amp-tag-and-attribute-sanitizer.php
index 2794b6ba432..32d243a41f8 100644
--- a/includes/sanitizers/class-amp-tag-and-attribute-sanitizer.php
+++ b/includes/sanitizers/class-amp-tag-and-attribute-sanitizer.php
@@ -530,6 +530,12 @@ private function validate_attr_spec_list_for_node( $node, $attr_spec_list ) {
 		 */
 		foreach ( $attr_spec_list as $attr_name => $attr_spec_rule ) {
 
+			// If attr spec rule is empty, then it allows anything.
+			if ( empty( $attr_spec_rule ) && $node->hasAttribute( $attr_name ) ) {
+				$score++;
+				continue;
+			}
+
 			// If a mandatory attribute is required, and attribute exists, pass.
 			if ( isset( $attr_spec_rule[ AMP_Rule_Spec::MANDATORY ] ) ) {
 				$result = $this->check_attr_spec_rule_mandatory( $node, $attr_name, $attr_spec_rule );
diff --git a/tests/test-tag-and-attribute-sanitizer.php b/tests/test-tag-and-attribute-sanitizer.php
index 824b8164d2b..5bb515f41d9 100644
--- a/tests/test-tag-and-attribute-sanitizer.php
+++ b/tests/test-tag-and-attribute-sanitizer.php
@@ -755,7 +755,7 @@ public function get_html_data() {
 			),
 			'bad_meta_ua_compatible' => array(
 				'<html amp><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=9,chrome=1"></head><body></body></html>',
-				'<html amp><head><meta charset="utf-8"></head><body></body></html>',
+				'<html amp><head><meta charset="utf-8"><meta content="IE=9,chrome=1"></head><body></body></html>', // Note the http-equiv is removed because the content violates its attribute spec.
 			),
 			'bad_meta_charset' => array(
 				'<html amp><head><meta charset="latin-1"><title>Mojibake?</title></head><body></body></html>',
@@ -773,6 +773,10 @@ public function get_html_data() {
 				'<html amp><head><meta charset="utf-8"><meta name="viewport" content="width=device-width,height=device-height,initial-scale=2,maximum-scale=3,minimum-scale=1.0,shrink-to-fit=yes,user-scalable=yes,viewport-fit=cover"></head><body></body></html>',
 				null, // No change.
 			),
+			'meta_og_property' => array(
+				'<html amp><head><meta charset="utf-8"><meta property="og:site_name" content="AMP Site"></head><body></body></html>',
+				null, // No change.
+			),
 		);
 
 		// Also include the body tests.